Red Hat and Oracle announced the general availability of Red Hat OpenShift on Oracle Cloud Infrastructure (OCI) Compute Virtual Machines (VMs).
DigiCert, announced a partnership with ReversingLabs to enhance software security by combining advanced binary analysis and threat detection from ReversingLabs with DigiCert's enterprise-grade secure code signing solution.
DigiCert customers will benefit from improved software integrity through deep analysis that shows their software is free from known threats like malware, software implants, software tampering and exposed secrets before they securely sign it.
"DigiCert's partnership with ReversingLabs advances supply chain security through threat detection and secrets protection delivered by automated workflows that seamlessly operate within DevOps environments and CI/CD pipelines," said Deepika Chauhan, Chief Product Officer at DigiCert. "This newly combined solution protects against software-based vulnerabilities and attacks, helping organizations ensure digital trust and build confidence with their customers."
Mario Vuksan, CEO and Co-founder at ReversingLabs, said, "Every DigiCert customer needs to think about the integrity of the software they build, buy or run. Our work together will strengthen the ecosystem and provide organizations with the necessary tools to ensure the trustworthiness of their software."
Powered by ReversingLabs, threat detection within DigiCert Software Trust Manager secures the software supply chain through advanced, comprehensive detection of threats such as malware, software tampering, inclusion of secrets and certificate misconfigurations in open-source software, proprietary software, containers and release packages.
Software Trust Manager provides a single workflow that is centrally controlled across the organization. The solution also generates a comprehensive software bill of materials (SBOM) covering internally developed and third-party software, such as open-source and commercially licensed software. As attacks on the software supply chain increase, threat detection and SBOM generation are becoming increasingly important and the focus of government and industry regulations.
Industry News
The Software Engineering Institute at Carnegie Mellon University announced the release of a tool to give a comprehensive visualization of the complete DevSecOps pipeline.
Synopsys has entered into a definitive agreement with Clearlake Capital Group, L.P. and Francisco Partners.
Postman released v11, a significant update that speeds up development by reducing collaboration friction on APIs.
Sysdig announced the launch of the company’s Runtime Insights Partner Ecosystem, recognizing the leading security solutions that combine with Sysdig to help customers prioritize and respond to critical security risks.
Nokod Security announced the general availability of the Nokod Security Platform.
Drata has acquired oak9, a cloud native security platform, and released a new capability in beta to seamlessly bring continuous compliance into the software development lifecycle.
Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.
Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.
ActiveState unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source.
Lineaje released Open-Source Manager (OSM), a solution to bring transparency to open-source software components in applications and proactively manage and mitigate associated risks.
Synopsys announced the availability of Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform®.
Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.